Export an NPS Server Configuration for Import on Another Server

You can export the entire NPS configuration — including RADIUS clients and servers, network policy, connection request policy, registry, and logging configuration — from one NPS server for import on another NPS server.

Use one of the following procedures to export the NPS configuration:

In Windows Server® 2008 R2 and Windows Server® 2008, use Netsh.

In Windows Server® 2012, you can use Netsh, or you can use Windows PowerShell.

Do not use this procedure if the source NPS database has a higher version number than the version number of the destination NPS database. You can view the version number of the NPS database from the display of the netsh nps show config command.

When the netsh import command is run, NPS is automatically refreshed with the updated configuration settings. You do not need to stop NPS on the destination computer to run the netsh import command, however if the NPS console or NPS MMC snap-in is open during the configuration import, changes to the server configuration are not visible until you refresh the view.

Note

When you use the netsh nps export command, you are required to provide the command parameter exportPSK with the value YES. This parameter and value explicitly state that you understand that you are exporting the NPS server configuration, and that the exported XML file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups.

Because NPS server configurations are not encrypted in the exported XML file, sending it over a network might pose a security risk, so take precautions when moving the XML file from the source server to the destination servers. For example, add the file to an encrypted, password protected archive file before moving the file. In addition, store the file in a secure location to prevent malicious users from accessing it.

Note

If SQL Server logging is configured on the source NPS server, SQL Server logging settings are not exported to the XML file. After you import the file on another NPS server, you must manually configure SQL Server logging.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

On the source NPS server, open Command Prompt, type netsh, and then press Enter.

At the netsh prompt, type nps, and then press Enter.

At the netsh nps prompt, type export filename="path\file.xml"exportPSK=YES, where path is the folder location where you want to save the NPS server configuration file, and file is the name of the XML file that you want to save. Press Enter.

This stores configuration settings (including registry settings) in an XML file. The path can be relative or absolute, or it can be a Universal Naming Convention (UNC) path. After you press Enter, a message appears indicating whether the export to file was successful.

Copy the file you created to the destination NPS server.

At a command prompt on the destination NPS server, type netsh nps import filename="path\file.xml", and then press Enter. A message appears indicating whether the import from the XML file was successful.